<?php
require_once 'common.inc.php';

if ($action == 'login') {
	if (!$loginsubmit) {
		include systemplate('login');
	} else {
		$username = trim($username);

		$password = trim($password);

		$checkcode = trim($checkcode);

		$sql = "SELECT uid,username,password,usergroup FROM bl_members WHERE username='$username'";

		$query = $db -> query($sql);

		$member = $db -> fetch_array($query);
		$usergroup = $member['usergroup'];
		$ckarr = explode("\t", authcode($_DCOOKIE['checkcode'], 'DECODE')); 
		// 暂时去除验证码：将后台接收验证码和自动接收设置为相同
		$checkcode = $ckarr[0];
		if ($member['uid'] && $member['password'] == md5($password) && strtolower($ckarr[0]) == strtolower($checkcode)) {
			UNcookie('checkcode');
			$msys_pw = $member['password'];
			$msys_uid = $member['uid'];

			dsetcookie('auth', authcode("$msys_pw\t$msys_uid\t$timestamp", 'ENCODE'), $cookietime);
			setcookie('frommsys_user', $username, $cookietime, '/');
			setcookie('frommsys_group', $usergroup, $cookietime, '/');

			adminmsg('登录成功，正在跳转', 'index.php');
		} else {
			if ($ifcacti == 1) {
				adminmsg('登录失败，请输入正确信息', 'login.php?action=login&ifcacti=1');
			} else {
				adminmsg('登录失败，请输入正确信息', 'login.php?action=login');
			} 
		} 
	} 
} elseif ($action == 'logout') {
	$msys_uid = 0;
	$msys_pw = $msys_user = '';
	setcookie('frommsys_user', '', $timestamp-3600 * 8);
	UNcookie($cookiepre . 'auth');

	UNcookie('checkcode');

	adminmsg('退出成功', 'login.php?action=login');
} 

?>